Hillf, first of all I should say that I'm new to Bluetooth and may misunderstand something. IIUC your patch at https://syzkaller.appspot.com/text?tag=Patch&x=15faf610e80000 assumes that instances of 'struct sco_conn' can share the same 'struct sock' (that's why extra calls to 'sock_hold()' were added). OTOH my patch at https://lore.kernel.org/linux-bluetooth/20240403142706.25748-1-dmantipov@xxxxxxxxx/T/#t assumes that this is wrong, because SCO (by definition) is a point-to-point link between the master device and a specific slave device, and instead prevents such sharing from being created.

So the question is: should we always assume a 1:1 relationship between an SCO connection and a kernel socket?

Any comments are highly appreciated, thanks in advance.

Dmitry